vSphere Insider: Mike Foley

“With vSphere 6.5, you add security to day-to-day operations without any negative impact.”

When Mike Foley was laid off from his job in the 2001 recession, he learned an important lesson: Don’t settle for the status quo.

It’s a good thing he learned that lesson early, because he applies it every day in his work at VMware in Technical Marketing. Security is his specialty, which means that “settling” is the opposite of his job. He’s seen it a million times: People settle and let down their guard, and suddenly the wolves that were at the gate are inside the house.

We sat down with Mike to learn more about him and why vSphere 6.5 is such a big step toward his vision of the data center of the future.

Where are you based?

I live in Central Massachusetts in a house out in the country. My wife and I have a 15-year-old son, a 12-year-old son and a 5-year-old German Shepherd. I built a shed out in my backyard, and that’s my home office. I call it Shedquarters. If you looked through the window, you would see probably four Macintosh computers and a whole bunch of PCs. Typical tech geek.

What brought you to VMware?

When I was working at RSA Security, I was managing all the technical needs of our trade show environment. I found that it was easier to do that using VMware. Before long, I was diving into all the VMware technology. And then one day, my wife and I were walking through Boston Common and we ran into Art Coviello, who was the CEO of RSA. When he found out I was one of his only VMware people at RSA, he said, “I want you in my office next week.” That was my career-changing moment.

Suddenly I was the VMware guy, and I was moved into the evangelists group in RSA. Before I knew it, I was doing four or five presentations a week, and I was brought into VMware five years ago.

You advise people not to settle, including not settling for anything but the best technology. So why is it important to upgrade to vSphere 6.5?

vSphere 6.5 is providing new options to do things with the least amount of impact to the day-to-day operations. So, if the security team says, “We need to encrypt everything,” you don’t have to rip and replace. As part of the provisioning process, you can encrypt a virtual machine just by asking a couple of questions. “Will sensitive data be on this virtual machine?” Yes? Check the box, and that’s it. It’s encrypted.

You don’t have to log into the VM, turn on BitLocker, do this, do that—and you don’t have to do it for 4,000 VMs individually. You can do it with one line of PowerCLI code. You’ve added security to day-to-day operations without any negative impact. That’s huge.

Mike Outside "Shedquarters" in Central Massachussetts

What is one surprising fact that you learned from interacting with vSphere customers?

Every customer’s security posture is unique. Some have amazing security teams that really get it. They work hand in hand with IT and take the time to understand the risks. Then there are the ones that don’t. Still others have “the one guy” who is IT, security, chief cook and bottle washer. All of them have different requirements. I think what’s most surprising is that the security industry has a lot of standards, and everyone implements them differently—or not at all.

How will vSphere stay relevant in the future?

Some people in the industry are saying, “Oh, the hypervisor is a commodity.” But as someone who is well-known for speaking frankly, I think that's the biggest pile of garbage in the world. All of the innovation happens at the hypervisor level. We can add more functionality there to relieve the customer from operational pain and suffering. A perfect example is VM encryption. Because VM encryption is done at the hypervisor, I don't have to manage the VM as a security snowflake. It doesn't have to be a unique entity. I just apply the policy and I'm done, and you only get that by doing major technical innovations at the hypervisor level. That’s what we do.

What’s the future of security in the data center over the next few years?

The bad guys are moving a lot faster than the good guys, and for the data center of the future to deal with that, IT operations must become more agile. The data center of the future in my ideal world doesn't have an issue called downtime. There’s no “Oh, we can only patch on the second Thursday of the month.” Bang, you’ll just install patches while production is running.

We need that because the threats are coming in fast and furious. We want to be able to say to a customer, “Don't worry, you're not going have to waste your whole weekend upgrading individual VMs, because much of the security is done at the hypervisor level.” That’s my ideal end state. It's going take a while to get there, but I think from a security standpoint, from an operations standpoint, empowering customers to not have to treat a production environment with kid gloves will be huge.

What’s your top security advice?

Again, “don't settle for the status quo”. It’s my motto for work and for life. But I see so many people say, “Well, this is the way we've always done it,” as if that means it’s somehow good enough for today and tomorrow. It’s not. Attackers are looking for new and different ways to attack you—so you have to think of new and different ways to protect against it. Or you’ll quickly discover that you’re not protected at all.